icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons_061

McAfee ePolicy Orchestrator HTTP Server Source Header Remote Overflow

Synopsis

The remote host is running a vulnerable version of McAfee ePolicy Orchestrator.

Description

Arbitrary code can be executed on the remote host due to a flaw in the web service. The remote host is running McAfee ePolicy Orchestrator. The remote version of this software is vulnerable to a stack overflow vulnerability. An unauthenticated attacker can exploit this flaw by sending a specially crafted packet to the remote host. A successful exploitation of this vulnerability would result in remote code execution with the privileges of the SYSTEM.

Solution

Upgrade to version 3.5.0 Patch 6 or higher.